<?php
/**************************
	created by: moses chan
	created on: 13-11-12
	
	This is the landing page when a client hits the order button.
	Depending on the status of the session, it will display different messages.
		if(not directed here from 'package.php') then echo 'nothing here'
		if(not logged in) then echo 'options to login or create new account'
		if(logged in) then echo 'a confirmation page'
**************************/

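	$pageTitle = "Order Page";
	// gpagetop.php is not shown here; the $_SESSION reads below presumably rely on it
	// having started the session -- TODO confirm.
	include("gpagetop.php");

	// Confirmation form shared by both "are you sure?" branches.
	// NOTE(review): the booking is created by a GET request that carries no anti-CSRF
	// token. A state-changing action should be submitted by POST and verified against a
	// per-session token; left as GET here because changing it alters this page's
	// request contract.
	$confirmForm = '<form method="get" action="">
					<input type="hidden" name="confirmed" value="t">
					<input type="submit" value="CONFIRM">
					</form>';

	//redirected from packages page
	if(isset($_POST['PackageId'])) {
		$_SESSION['PackageId'] = $_POST['PackageId']; //maintain the selection throughout the session; validated before use below

		// PkgName is client-supplied: accept only a string, and escape it wherever it is printed.
		// NOTE(review): the name shown to the user is whatever the form sent, not the name
		// stored for PackageId; looking it up from the database would keep the two in step.
		$pkgName = (isset($_POST['PkgName']) && is_string($_POST['PkgName'])) ? $_POST['PkgName'] : '';
		$_SESSION['PkgName'] = $pkgName;

		if(!isset($_SESSION['loggedAs'])) {
			echo 'First time booking a vacation with us? <a href="custreg.php">Create an account!</a><br/>
					Already have an account? Please login to continue.';
		}
		else {
			// HTML-escape the request value so markup in it is rendered as text (reflected XSS).
			echo 'Are you sure you want to book a '.htmlspecialchars($pkgName, ENT_QUOTES, 'UTF-8').'?<br/>';
			echo $confirmForm;
		}
	}

	//redirected from here when submit button is pressed
	// This check runs before the newCustPurch branch: nothing on this page clears
	// $_SESSION['newCustPurch'], so testing that flag first would show the confirmation
	// prompt again instead of recording the booking. (Assumes no other script clears the
	// flag between the two requests -- TODO confirm.)
	else if(isset($_GET['confirmed'])) {
		//connect to db and add a booking record
		if(!isset($_SESSION['loggedAs'])) {
			echo 'Please login or create a new account';
		}
		else {
			// The package id originated in a POST field; require a real integer before it
			// reaches the INSERT. filter_var() returns false for arrays and non-numeric input.
			$pkgId = isset($_SESSION['PackageId']) ? filter_var($_SESSION['PackageId'], FILTER_VALIDATE_INT) : false;

			if($pkgId === false) {
				echo 'No package selected. Please choose a package first.';
			}
			else {
				//generate some data to enter into bookings table
				// NOTE(review): BookingNo and TravelerCount are random placeholders; rand() can
				// repeat a booking number and can yield a traveler count of 0.
				$bkDate = date('Y-m-d H:i:s');
				$bkNo = rand(0, 99999);
				$trvlCount = rand(0, 10);
				$tripType = "L";

				//get customer id from db with email addr
				// NOTE(review): credentials are hard-coded and the account is root/root. Load them
				// from configuration kept outside the web root and use a database account limited
				// to the tables this page needs.
				$dbHost = 'localhost';
				//$dbPort = '8889';
				$dbUser = 'root';
				$dbPass = 'root';
				$dbSelect = 'TravelExperts';
				$dbh = new mysqli($dbHost, $dbUser, $dbPass, $dbSelect);
				if($dbh->connect_errno) {
					// Driver detail goes to the server log only; the visitor gets a generic message.
					error_log('order page: database connection failed: '.$dbh->connect_error);
					echo 'database connection failed';
					exit();
				}

				$custId = '';
				$custFound = false;
				if($sqlStm = $dbh->prepare("SELECT CustomerId from Customers WHERE CustEmail=?")) {
					$email = $_SESSION['loggedAs'];
					$sqlStm->bind_param("s", $email);
					$sqlStm->execute(); //start searching for customerid on email
					$sqlStm->bind_result($custId);
					$custFound = (bool) $sqlStm->fetch();
					$sqlStm->close();
				}
				else {
					error_log('order page: customer lookup could not be prepared: '.$dbh->error);
				}

				// Stop here when no customer row was found or the lookup could not run, so an
				// empty customer id is never written to Bookings.
				if(!$custFound) {
					$dbh->close();
					echo 'Error getting customer id.<br/>
							Please login or create a new account.<br/>';
					exit();
				}

				//got all the data we need, now make entry into bookings  table
				$booked = false;
				if($sqlStm = $dbh->prepare("INSERT INTO Bookings(BookingDate, BookingNo, 
											TravelerCount, CustomerId, TripTypeId, PackageId)
										VALUES(?, ?, ?, ?, ?, ?)")) {
					$sqlStm->bind_param("ssiisi", $bkDate, $bkNo, $trvlCount, $custId, $tripType, $pkgId);
					$booked = $sqlStm->execute();
					if(!$booked) {
						error_log('order page: booking insert failed: '.$sqlStm->error);
					}
					$sqlStm->close();
				}
				else {
					error_log('order page: booking insert could not be prepared: '.$dbh->error);
				}
				$dbh->close();

				// Report a failed insert instead of ending the request silently.
				if(!$booked) {
					echo 'Sorry, your booking could not be saved. Please try again.';
				}
			}
		}
	}

	//redirected from custentry.php (when a new customer tries to order and has entered their data)
	else if(isset($_SESSION['newCustPurch'])) {
		// The stored name came from an earlier request body; escape it on output as well.
		$storedName = (isset($_SESSION['PkgName']) && is_string($_SESSION['PkgName'])) ? $_SESSION['PkgName'] : '';
		echo 'Thank you for registering!<br/>';
		echo 'Are you sure you want to book a '.htmlspecialchars($storedName, ENT_QUOTES, 'UTF-8').'?<br/>';
		echo $confirmForm;
	}


	else {echo 'Nothing to see here.';}

	include("gpagebottom.php");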
?>